AI Sec Watch

TensorFlow Lite (a machine learning framework for running AI models on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a vulnerability where using the same tensor (a multi-dimensional array of data) as both input and output in an operation can cause a segmentation fault (a crash where the program tries to access memory it shouldn't) or memory corruption (where data in memory gets corrupted). This happens because the code doesn't properly validate inputs when a tensor is used in this way.

TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 had a bug where a specially crafted model file could trick the software into trying to read from an empty memory location (null pointer dereference, where the program attempts to access data that doesn't exist). An attacker could modify the model file to convert a read-only tensor (a data structure the AI uses) into a read-write one, causing the runtime to crash or behave unpredictably when it tries to use that tensor.

TensorFlow Lite (a lightweight version of TensorFlow for mobile and embedded devices) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a bug where it doesn't properly check if two tensors (multi-dimensional arrays of data) have compatible sizes. An attacker can exploit this to cause the interpreter to read or write data outside of the allocated memory region, potentially crashing the program or enabling other attacks.

TensorFlow Lite (a machine learning framework for mobile and embedded devices) had a bug in versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 where it failed to properly validate array indices (positions) after converting negative numbers to positive ones. This allowed the program to access memory outside its intended bounds, causing crashes or data corruption. The vulnerability only appeared in non-debug builds because the validation check was disabled in those versions.

A vulnerability in TensorFlow (a machine learning framework) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 allows attackers to crash systems or corrupt data by modifying a SavedModel (TensorFlow's format for storing trained models). This can disable services that use TensorFlow to run AI models for predictions.

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a vulnerability in the `StringNGrams` function where the `data_splits` argument (a parameter controlling how input data is divided) is not properly checked. This lack of validation allows attackers to trigger a heap overflow (a memory error where data overwrites adjacent memory), potentially exposing sensitive data like return addresses that could help bypass ASLR (address space layout randomization, a security technique that randomizes where programs load in memory).

In eager mode (a way TensorFlow runs code immediately instead of building a computation graph first), versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 fail to set up session state properly. This causes a null pointer dereference (trying to use a pointer that points to nothing), which crashes the program with a segmentation fault (a memory access error).

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 contain a format string vulnerability (a bug where attackers can manipulate how data is printed to cause crashes) in the tf.strings.as_string function. By controlling the `fill` argument, an attacker can trigger a segmentation fault (a crash caused by accessing invalid memory).

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a bug in the Shard API (a feature that divides work across multiple processors) where functions with smaller integer types are used instead of the required 64-bit integers. When processing large amounts of data, this causes integer truncation (cutting off the extra digits), which can lead to memory crashes, data corruption, or unauthorized memory access.